﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

using System.Data;
using System.Configuration;
using System.Data.SqlClient;

namespace ScoreManage
{
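    /// <summary>
    /// Code-behind for the login page. Checks the CAPTCHA field, looks the
    /// account up in the table that matches the selected account type, stores
    /// the identity in session state and redirects to that type's landing page.
    /// </summary>
    public partial class Login : System.Web.UI.Page
    {
        /// <summary>Page load handler; the page needs no per-request setup.</summary>
        protected void Page_Load(object sender, EventArgs e)
        {

        }

        /// <summary>
        /// Returns the parameterized credential lookup for an account type.
        /// Table and column names come only from these fixed literals; the
        /// submitted id and password are bound as @id / @password by the caller.
        /// </summary>
        /// <param name="accountType">Value selected in the account-type list.</param>
        /// <returns>SQL text with @id and @password placeholders.</returns>
        private static string GetLoginSql(string accountType)
        {
            if (accountType == "学生")
            {
                return "SELECT sno FROM student WHERE sno=@id AND password=@password";
            }

            if (accountType == "教师")
            {
                return "SELECT tno FROM teacher WHERE tno=@id AND password=@password";
            }

            // Any other selection is treated as an administrative user, as before.
            return "SELECT role, department FROM myuser WHERE userid=@id AND password=@password";
        }

        /// <summary>
        /// Handles the login button: validates the CAPTCHA, verifies the
        /// credentials and, on success, populates the session and redirects.
        /// </summary>
        /// <param name="sender">The button that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void btnOK_Click(object sender, EventArgs e)
        {
            // NOTE(review): the expected CAPTCHA value is read from the "ImageV"
            // cookie, which the client supplies along with the typed answer. The
            // server therefore compares two client-controlled values, so this
            // check does not throttle automated login attempts. The expected
            // value should be kept server-side (e.g. in Session) by the page
            // that renders the image; that page is not part of this file.
            HttpCookie captchaCookie = Request.Cookies["ImageV"];
            string expectedCode = captchaCookie == null ? null : captchaCookie.Value;

            // A missing or empty cookie is a failed check rather than a
            // NullReferenceException (and an empty answer never matches).
            if (string.IsNullOrEmpty(expectedCode)
                || !string.Equals(txtValidateCode.Text, expectedCode, StringComparison.Ordinal))
            {
                ClientScript.RegisterStartupScript(this.GetType(), "error", "<script>alert('验证码错误，请重新输入！')</script>");
                txtValidateCode.Text = "";
                return;
            }

            string accountId = txtID.Text.Trim();
            string accountType = rblType.SelectedValue;
            bool isAdminType = accountType != "学生" && accountType != "教师";

            bool authenticated;
            string role = null;
            string department = null;

            string strConn = ConfigurationManager.ConnectionStrings["studbConnectionString"].ConnectionString;

            // using blocks release the reader, command and connection on every
            // path; the original left all three open.
            using (SqlConnection conn = new SqlConnection(strConn))
            using (SqlCommand loginCommand = new SqlCommand(GetLoginSql(accountType), conn))
            {
                // Bound parameters replace the previous quote-doubling plus
                // string.Format, so user input never becomes part of the SQL text.
                // AddWithValue sends the strings as nvarchar; the column types are
                // not visible here, so switch to typed parameters if they are varchar.
                loginCommand.Parameters.AddWithValue("@id", accountId);

                // NOTE(review): the password column is compared directly with the
                // submitted text, which implies passwords are stored unhashed.
                // Store a salted, slow hash (e.g. PBKDF2 via Rfc2898DeriveBytes)
                // and verify against that instead.
                loginCommand.Parameters.AddWithValue("@password", txtPassword.Text);

                conn.Open();
                using (SqlDataReader dr = loginCommand.ExecuteReader())
                {
                    authenticated = dr.Read();
                    if (authenticated && isAdminType)
                    {
                        role = dr["role"].ToString();
                        department = dr["department"].ToString();
                    }
                }
            }

            if (!authenticated)
            {
                ClientScript.RegisterStartupScript(this.GetType(), "error", "<script>alert('账号或密码错误，请重新输入！')</script>");
                return;
            }

            // NOTE(review): the session id issued before login is reused after
            // login; consider issuing a fresh session on successful sign-in.
            // Store the trimmed id, i.e. the value that was actually matched.
            Session["ID"] = accountId;
            Session["Type"] = accountType;

            if (accountType == "学生")
            {
                Response.Redirect("StudentGradeQuery.aspx?item=4");
            }
            else if (accountType == "教师")
            {
                Response.Redirect("TeacherGradeManage.aspx?item=1");
            }
            else
            {
                Session["UserType"] = role;
                Session["Department"] = department;
                Response.Redirect("CourseManage.aspx?item=1");
            }
        }

        /// <summary>Clears the id, password and CAPTCHA input fields.</summary>
        protected void btnReset_Click(object sender, EventArgs e)
        {
            txtID.Text = "";
            txtPassword.Text = "";
            txtValidateCode.Text = "";
        }
    }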
}